• Home
  • Apps
  • Apps News
  • Google Releases Android Security Update to Fix 2 Major Security Vulnerabilities

Google Releases Android Security Update to Fix 2 Major Security Vulnerabilities

Google Releases Android Security Update to Fix 2 Major Security Vulnerabilities
Highlights
  • The fix has been released for Nexus owners
  • One exploit could enter through a simple malicious jpeg image
  • Users didnt even need to click anything to allow the exploit

Google has released an Android update that fixes two critical security holes that were posing great threat to device owners. One threat was similar to Stagefright, and the other Google claims was designed for research work, but could become malicious if intruders found it and modified it.

The Google security update has been released for Nexus users only for now, but has been provided to OEM partners for their smartphones. Therefore, millions of Android phones still remain exposed to the vulnerabilities. The first vulnerability is similar to Stagefright. It could be exploited by sending maliciously formatted jpeg image through Google Talk or Gmail. The crazy thing was that the target didn't even need to click anything to get exploited, and the malicious code was hidden inside the sent jpeg's Exif data.

The second vulnerability was disclosed by researcher Mark Brand, reports Ars Technica. It allows attackers to execute malware or escalate local privileges on vulnerable phones. A Google spokesman told the publication that the exploit was for research purposes, and could not be used in real world attacks unless the intruder found it and modified it.

While these security patches are being received by Nexus owners, security firm CheckPoint has further revealed that Google Play has been hosting apps that contain malware called DressCode and CallJam. These malwares take phones to fraud ad revenue making websites. They even prompt users to call paid phone numbers. DressCode could additionally compromise local networks as well. Google has removed the apps since then, but only after many users downloaded the malicious software on their smartphone.

The only concern is that the patch for the two earlier mentioned critical vulnerabilities will reach only few Nexus users for now. Smartphones made by other OEMs are left in a lurch until the manufacturer releases an update with the patch, and even then, old phones that are no more supported won't get these patches at all. For those old handset users, switching to a new device that is supported by the OEM for regular updates is the only option.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
Vu Launches Premium UHD and Curved TVs in India, Starting Rs. 1,00,000

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com